REQUIRE URGENT INCIDENT RESPONSE?
How can Secrutiny help?
When anomalous activity is identified, Secrutiny can provide remote and on-site investigation within hours of engagement to significantly reduce the impact of an incident on your organisation.
A two-phased approach is used: the network as a whole is examined broadly to identify a much smaller set of ‘hosts of interest’, which are then analysed more deeply in the second phase.
The first phase consists of the collection of information from across the entire estate, which is baselined and analysed for usage patterns, statistical anomalies, user behaviour, and vulnerabilities to determine the scope of the incident and identify ‘hosts of interest’.
In the second phase, the ‘hosts of interest’ are examined in greater detail to determine misuse and the risk this threat poses to the organisation.
Step 1: Identify the use of each ‘host of interest’ and its criticality to the business.
Step 2: Utilise a forensically sound collection tool to gather relevant artefacts.
Step 3: Analyse the collected artefacts to create “the story behind the compromise and its activity”.
As new data and insights emerge, the investigation may expand to additional systems of interest and iterate through the process again. This continues until the full extent of the threat has been discovered and examined.
Once the analysis has been completed, the results are presented back to the customer in the form of a report for review with the associated evidence and recommended remedial actions.